CVE-2019-11271

HIGH

7.8

CVSS Severity Score

EPSS Score0.1340%

EPSS Percentile38.77th

PublishedJun 19, 2019

Last ModifiedNov 21, 2024

Vulnerability Description

Cloud Foundry BOSH 270.x versions prior to v270.1.1, contain a BOSH Director that does not properly redact credentials when configured to use a MySQL database. A local authenticated malicious user may read any credentials that are contained in a BOSH manifest.

Affected Platforms (CPE)

📦

Cloud Foundry

Bosh

>= 270.0.0 and < 270.1.1

References & Advisories

🔗 https://www.cloudfoundry.org/blog/cve-2019-11271

Related Vulnerabilities

CVE-2017-49929.8

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17...

CVE-2016-66379.6

Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x ...

CVE-2016-44359.0

An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthentica...

CVE-2016-66518.8

The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x bef...